Excerpt from Bank Info Security Article, Published on August 7, 2025
KLM recently disclosed a data breach that affected customer information through unauthorized access to a third-party platform used for customer service. The breach was detected in late July 2025, when unusual activity was noticed by KLM and Air France, which share a parent company. KLM’s IT teams, along with the external platform’s security experts, quickly acted to contain the intrusion and prevent further unauthorized access.
The compromised data primarily included customer names, contact details such as email addresses and phone numbers, Flying Blue loyalty program numbers, and the subject lines of customer email queries. Importantly, KLM confirmed that no sensitive information such as passwords, travel details, passport numbers, or credit card data was exposed. The breach does not involve KLM’s internal operational systems, which remain secure.
KLM has reported the incident to the Dutch Data Protection Authority (Autoriteit Persoonsgegevens) and is actively notifying affected customers. These customers are advised to be vigilant about suspicious emails or phone calls that may follow from this data leak, as attackers could use the exposed information for phishing attempts. KLM also provides guidance on distinguishing genuine communications from malicious ones.
This breach is part of a rising trend of cyberattacks on aviation companies and appears linked to sophisticated social engineering attacks targeting customer service platforms. KLM’s experience underscores the critical need for airlines and other organizations to strengthen security measures around third-party services.
To better protect customer data, KLM has implemented additional security protocols and continues to monitor systems closely to prevent recurrence. Customers and stakeholders are encouraged to stay informed and cautious of unsolicited requests for personal information.




